Message ID | 1366027438-4560-1-git-send-email-sachin.kamat@linaro.org (mailing list archive) |
---|---|
State | New, archived |
Hi Sachin,

On 04/15/2013 02:03 PM, Sachin Kamat wrote:
> If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
> cause NULL pointer dereferencing.
> While at it also remove the check for fimc->id being negative as 'id' is
> unsigned variable and can't be less than 0.
>
> Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
> ---
> drivers/media/platform/exynos4-is/fimc-core.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c > index f25807d..d388832 100644 > --- a/drivers/media/platform/exynos4-is/fimc-core.c > +++ b/drivers/media/platform/exynos4-is/fimc-core.c > @@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev) > fimc->drv_data = fimc_get_drvdata(pdev); > fimc->id = pdev->id; > } > - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || > - fimc->id < 0) { > - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", > - fimc->id, fimc->drv_data->num_entities); > + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { > + dev_err(dev, "Invalid driver data or device id (%d)\n", > + fimc->id); > return -EINVAL;

Thanks for the patch. To make it more explicit I would prefer to change
id type to 'int', and to leave the check for negative value. There is
a similar issue in fimc-lite.c that could be addressed in same patch.
Could you also fix this and resend ?

Regards,
Sylwester
Hi Sylwester,

On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >> - fimc->id < 0) { >> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >> - fimc->id, fimc->drv_data->num_entities); >> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >> + dev_err(dev, "Invalid driver data or device id (%d)\n", >> + fimc->id); >> return -EINVAL;
>
> Thanks for the patch. To make it more explicit I would prefer to change
> id type to 'int', and to leave the check for negative value. There is
> a similar issue in fimc-lite.c that could be addressed in same patch.
> Could you also fix this and resend ?

Sure.
I also found a few more things to fix and sent a 5 patch fix series
including the above changes.
Hi Sachin,

On 04/16/2013 08:16 AM, Sachin Kamat wrote:
> Hi Sylwester,
>
> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>
>>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >>> - fimc->id < 0) { >>> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >>> - fimc->id, fimc->drv_data->num_entities); >>> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >>> + dev_err(dev, "Invalid driver data or device id (%d)\n", >>> + fimc->id); >>> return -EINVAL;
>>
>> Thanks for the patch. To make it more explicit I would prefer to change
>> id type to 'int', and to leave the check for negative value. There is
>> a similar issue in fimc-lite.c that could be addressed in same patch.
>> Could you also fix this and resend ?
>
> Sure.
> I also found a few more things to fix and sent a 5 patch fix series
> including the above changes.

Thanks a lot for your review and patches. I'll apply patches 1..2/5 for
3.10-rc, and patch 3/5 for 3.11.

Regarding patch 4/5, as can be seen I didn't test the driver as a module
before pushing upstream, my bad! :( So I had a look at it and found a few
more issues. _Almost_ everything is fine now :-) after I fixed those,
I'm going to post related patch set soon. Your patch 4/5 is not applicable
any more unfortunately.

Regarding patch 5/5, I would prefer to keep that code, if you and others
don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more
V4L2 controls supported for 3.11, so removing and re-adding that chunks
would be a useless churn IMHO.

Regards,
Hi Sylwester,

On 17 April 2013 16:33, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
> Hi Sachin,
>
> On 04/16/2013 08:16 AM, Sachin Kamat wrote:
>> Hi Sylwester,
>>
>> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>>
>>>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >>>> - fimc->id < 0) { >>>> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >>>> - fimc->id, fimc->drv_data->num_entities); >>>> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >>>> + dev_err(dev, "Invalid driver data or device id (%d)\n", >>>> + fimc->id); >>>> return -EINVAL;
>>>
>>> Thanks for the patch. To make it more explicit I would prefer to change
>>> id type to 'int', and to leave the check for negative value. There is
>>> a similar issue in fimc-lite.c that could be addressed in same patch.
>>> Could you also fix this and resend ?
>>
>> Sure.
>> I also found a few more things to fix and sent a 5 patch fix series
>> including the above changes.
>
> Thanks a lot for your review and patches. I'll apply patches 1..2/5 for
> 3.10-rc, and patch 3/5 for 3.11.

OK. No problem.

>
> Regarding patch 4/5, as can be seen I didn't test the driver as a module
> before pushing upstream, my bad! :( So I had a look at it and found a few
> more issues. _Almost_ everything is fine now :-) after I fixed those,
> I'm going to post related patch set soon. Your patch 4/5 is not applicable
> any more unfortunately.

Not a problem as long as the issue is handled or fixed :).

>
> Regarding patch 5/5, I would prefer to keep that code, if you and others
> don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more
> V4L2 controls supported for 3.11, so removing and re-adding that chunks
> would be a useless churn IMHO.

Right. That is the reason I kept this patch at the end of the series so
that you may decide as appropriate.
diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c index f25807d..d388832 100644 --- a/drivers/media/platform/exynos4-is/fimc-core.c +++ b/drivers/media/platform/exynos4-is/fimc-core.c @@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev) fimc->drv_data = fimc_get_drvdata(pdev); fimc->id = pdev->id; } - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || - fimc->id < 0) { - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", - fimc->id, fimc->drv_data->num_entities); + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { + dev_err(dev, "Invalid driver data or device id (%d)\n", + fimc->id); return -EINVAL; } if (!dev->of_node)
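Review bot: the new dev_err() call prints fimc->id with `%d`, while the commit message describes 'id' as unsigned; `%u` would match the type. Dropping num_entities from the message removes the NULL dereference in the error path, but it also loses the bound in the case where drv_data is valid and only the id is out of range. Consider splitting the condition: return -EINVAL with a "missing driver data" message when `!fimc->drv_data`, then check `fimc->id >= fimc->drv_data->num_entities` on its own and report both values there, where dereferencing drv_data is safe. With the `fimc->id < 0` test gone, a negative value arriving through `fimc->id = pdev->id` is rejected only because it wraps to a large unsigned value in the `>=` comparison; a short comment stating that, or a signed 'id' with the explicit check kept, would make the intent visible.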
If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
cause NULL pointer dereferencing.
While at it also remove the check for fimc->id being negative as 'id' is
unsigned variable and can't be less than 0.

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
---
drivers/media/platform/exynos4-is/fimc-core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)